<?php
$page = "imobile";
include "header.php";

$task = rc_toolkit::get_request('task');

$referer = $_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'home.php';

if ($task == "set_display")
{
  $imobile_force_mode = rc_toolkit::get_request('mode');
  rc_imobile::set_display_mode($imobile_force_mode);
  
  rc_toolkit::redirect($referer);
  
} // set display
else if ($task == "user_status_update")
{
  // MUST BE LOGGED IN TO USE THIS TASK
  if( !$user->user_exists || !$user->level_info['level_profile_status'] )
  {
    $result = FALSE;
    $user_status = '';
  }
  
  else
  {
    $result = TRUE;
    $user_status = rc_toolkit::get_request('status','');
    censor($user_status);
    
    // ADD BREAKS TO STATUS SO IT WILL WRAP ON THE PAGE
    //$user_status = chunkHTML_split(substr($user_status, 0, 100), 12, "<wbr>&shy;");
    
    // UPDATE STATUS AND LAST UPDATE DATE
    $database->database_query("UPDATE se_users SET user_status='{$user_status}', user_status_date='".time()."' WHERE user_id='{$user->user_info['user_id']}' LIMIT 1");
    $user->user_lastupdate();
    
    // INSERT ACTION IF STATUS IS NOT EMPTY
    if( trim($user_status) )
    {
      $actions->actions_add($user, "editstatus", Array($user->user_info['user_username'], $user->user_displayname, $user_status), Array(), 600, false, "user", $user->user_info['user_id'], $user->user_info['user_privacy']);
    }
  }
  
  rc_toolkit::redirect($referer);  
  
} // user_status_update
else if ($task == "user_post_comment") {
  
  // GET COMMENT TYPE, ETC
  $type = ( isset($_POST['type']) ? $_POST['type'] : NULL );
  $iden = ( isset($_POST['iden']) ? $_POST['iden'] : NULL );
  $value = ( isset($_POST['value']) ? $_POST['value'] : NULL );
  $tab = ( isset($_POST['tab']) ? $_POST['tab'] : NULL );
  $col = ( isset($_POST['col']) ? $_POST['col'] : NULL );
  $child = ( isset($_POST['child']) ? $_POST['child'] : FALSE );
  $tab_parent = ( isset($_POST['tab_parent']) ? $_POST['tab_parent'] : NULL );
  $col_parent = ( isset($_POST['col_parent']) ? $_POST['col_parent'] : NULL );
  $object_owner = ( isset($_POST['object_owner']) ? $_POST['object_owner'] : NULL );
  $object_owner_id = ( isset($_POST['object_owner_id']) ? $_POST['object_owner_id'] : NULL );
  
  if( !$type || !$iden || !$value || !$tab || !$col ) {
    rc_toolkit::redirect($referer);  
  }
  
  $type = preg_replace('/[^A-Z0-9_\.-]/i', '', $type);
  $tab  = preg_replace('/[^A-Z0-9_\.-]/i', '', $tab );
  $col  = preg_replace('/[^A-Z0-9_\.-]/i', '', $col );
  
  // CHECK TO SEE IF OBJECT OWNER EXISTS
  if( $owner->user_exists )
  { 
    $object_owner = "user";
    $object_owner_id = $owner->user_info['user_id'];
    $object_owner_class =& $owner;
  }
  elseif( $object_owner )
  {
    $object_owner = preg_replace('/[^A-Z0-9_\.-]/i', '', $object_owner);
    $classname = "se_".$object_owner;
    $object_owner_class = new $classname($user->user_info['user_id'], $object_owner_id);
    if( !$object_owner_class->{$object_owner."_exists"} ) exit();
    $owner = new se_user(Array($object_owner_class->{$object_owner."_info"}[$object_owner."_user_id"]));
  }
  
  else
  {
    rc_toolkit::redirect($referer);  
  }

  // RETRIEVE OBJECT
  $object = $database->database_query("SELECT * FROM `se_{$tab}` WHERE `{$iden}`='{$value}'");
  if( !$database->database_num_rows($object) ) exit();
  $object_info = $database->database_fetch_assoc($object);

  // RETRIEVE OBJECT OR PARENT OF OBJECT WE ARE COMMENTING ON
  if( $child )
  {
    $permission_query = $database->database_query("SELECT `{$col_parent}_privacy` AS object_privacy, `{$col_parent}_comments` AS object_comments FROM `se_{$tab}` LEFT JOIN `se_{$tab_parent}` ON `se_{$tab}`.`{$col}_{$col_parent}_id`=`se_{$tab_parent}`.`{$col_parent}_id` WHERE `se_{$tab}`.`{$iden}`='{$value}' AND `se_{$tab_parent}`.`{$col_parent}_{$object_owner}_id`='{$object_owner_id}'");
    if( !$database->database_num_rows($permission_query) ) exit();
    $permission = $database->database_fetch_assoc($permission_query);
  }
  else
  {
    $permission = $object_info;
    $permission['object_privacy'] = $object_info[$col."_privacy"];
    $permission['object_comments'] = $object_info[$col."_comments"];
    $ownercol = ( $object_owner == $col ? $col."_id" : $col."_".$object_owner."_id" );
    if( $object_info[$ownercol] != $object_owner_id ) exit();
  }

  // CHECK IF USER IS ALLOWED TO COMMENT
  $functionname = $object_owner."_privacy_max";
  $privacy_max = $object_owner_class->$functionname($user);
  if( !($privacy_max & $permission['object_comments']) ) exit();

  // SET OBJECT TITLE
  $object_title = $object_info[$col."_title"];
  
  if( $tab=="eventmedia" || $tab=="groupmedia" )
  {
    $object_title = $object_owner_class->{$object_owner."_info"}[$object_owner."_title"];
  }
  
  if( !$object_title )
  {
    SE_Language::_preload(589);
    SE_Language::load();
    $object_title = SE_Language::_get(589);
  }

  // START COMMENT OBJECT
  $comment = new se_comment($type, $iden, $value, $tab, $col);

  // POST COMMENT
  $comment_info = $comment->comment_post($_POST['comment_body'], $_POST['comment_secure'], $object_title, $object_owner, $object_owner_id, $permission['object_privacy']);
  
  $is_error = $comment->is_error;
  $comment_body = ( isset($comment_info['comment_body']) ? $comment_info['comment_body'] : NULL );
  $comment_date = ( isset($comment_info['comment_date']) ? $comment_info['comment_date'] : NULL );
  
  
  rc_toolkit::redirect($referer);  
  
} // user_post_comment

else if ($task == "user_send_message")
{
  if( !$user->level_info['level_message_allow'] )
  {
    rc_toolkit::redirect($referer);  
  }
  
  $to = $_POST['to'];
  $subject = $_POST['subject'];
  $message = $_POST['message'];

  $user->user_message_send($to, $subject, $message);
  $is_error = $user->is_error;

  //if($is_error != 0) { SE_Language::_preload($is_error); SE_Language::load(); $error_message = SE_Language::_get($is_error); }
 
  rc_toolkit::redirect("user_messages.php?error=$error_message");  
} // user_send_message

else if ($task == "user_notify_delete")
{
  $notifytype_id  = ( isset($_POST['notifytype_id'])  ? $_POST['notifytype_id']  : FALSE );
  $notify_grouped = ( isset($_POST['notify_grouped']) ? $_POST['notify_grouped'] : FALSE );
  
  // MUST BE LOGGED IN TO USE THIS TASK
  if( !$user->user_exists || !$notifytype_id )
  {
    $result = FALSE;
  }
  
  else
  {
    $result = $notify->notify_delete($notifytype_id, $notify_grouped);
  }
  //print_r($_POST);
  // SEND AJAX CONFIRMATION
  //header("Content-Type: application/json");
  //echo json_encode(array('result' => $result, 'notifytype_id' => (int) $notifytype_id, 'notify_grouped' => $notify_grouped));
  exit();
} // user_notify_delete

rc_toolkit::redirect($referer); 
include "footer.php";
